Detailed description of the issue and some FAQ's can be found here and here.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Schneider Electrics' Data Center Business has conducted a vulnerability assessment on the following platforms and found current shipping versions of each are not affected by the Heartbleed vulnerability.

Data Center Operations (DCO) is currently operating with OpenSSL v0.9.8 and is therefore not affected.

Data Center Expert (DCE) is currently operating with OpenSSL v1.0.0 and is therefore not affected.

NetBotz Appliances are currently operating with OpenSSL v0.9.8b and is therefore not affected.

All Network Management Card (NMC) Applications do not utilize OpenSSL and are therefore not affected.

MGE Network Shutdown Module v3.07.01 for Windows uses the OpenSSL v1.0.1e which is vulnerable to the Heartbleed bug. Network Shutdown Module v3.06.04 for Linux is not impacted.

To recover, upgrade all instances of Network Shutdown Module for Windows to v3.07.02 (available @ http://www.apc.com/tools/download/index.cfm and select "Software Upgrade - MGE Accessories" in the Software Filter and click submit.) and change your user credentials. Please read the Release Notes for further information.

Cyber Security is an important element of Schneider Electrics' commitment to software quality. Regular vulnerability assessment and further investigation is ongoing on other Schneider Electric platforms in addition to the above and will be detailed if discovered.